When a company starts to analyze the ingress and egress points on its network, usually after a significant malware event, it will inevitably begin to consider ways to control the types and sources of content allowed to enter and leave its environment. There are several technologies that can and should be considered. Chief among these are network monitoring and web content filtering. The benefits of network monitoring and content filtering include productivity increases, network health awareness, protection from malware, elimination of liability issues, and reduction of bandwidth usage. The threats posed by wide open access to everything on the internet are as diverse as the internet itself. Things to consider in this regard:
- Every business is legally bound by employment laws to ensure a worker-friendly environment. This includes ensuring that workers are not exposed to sexual harassment, including pornography and hate materials.
- Recent legislation mandates that employees be advised when they are under surveillance, what kind of surveillance they are under, and what the surveillance is for, and that employers not use or disclose surveillance records for unrelated purposes.
- Web-based email and chat is a major vector for data loss.
- Anti-web-malware service Dasient reports that there is an epidemic of web-based malware. The Dasient “Infection Library” displays current malware infection totals.
- Legitimate sites can also carry web-based malware, either through advertising or injected links.
Steps To Take
While the internet does introduce significant security risks, if policies and controls are designed appropriately, information security can add real value. Creating a corporate network monitoring policy is quite simply a must. Ensure that you have directives for every area, from blogs, wikis and social networks, to virtual worlds, entertainment, gambling and game sites. Modern enterprise-class monitoring and content filtering technologies are highly automated, with the product vendor providing the content filters; however, they still require some effort, staff, processes and a formal plan of action. You will need to review the reports they generate, review sites for reclassification, review requests for specific site access, and use the results to improve your controls. Take a formal approach to dealing with the issues strategically and tactically.
- Define why you are introducing this technology, and what you are protecting with its use.
- Create a team involving HR, Legal, and other resources to review reports, statistics, and access requests.
- Create a policy that explains the purpose for network monitoring and content filtering, and the expected outcomes of these activities.
- Determine what content types will be blocked, and document why each content type is being blocked.
- Risk assessments should be done for each site that your users wish to gain access to.
- Know the specific vulnerabilities associated with each site and identify which users pose the greatest risks.
All output should be reviewed and used to modify and update the policy and strategy, which should be customized to your specific risk matrix. For example, when you perform an analysis on social media, you may see that users may be revealing the technologies in use, the corporate direction, vendors and products used, internal e-mail addresses, formatting structure, and more.
Security awareness has always been important, but never more so than in the era of social networks. Social media is driven by social interactions, and the most significant risks are tied to the behavior of staff when they are using social software. Don’t shun social media for fear of bad end-user behavior; rather, anticipate it and formulate a multilevel approach to policies for effective governance.
A good awareness program ensures that staff know about and are compliant with monitoring and filtering policies and guidelines. Make certain that your constituents are aware of social engineering, that not everyone they encounter in person, on the phone, or on the internet will be genuine, and that they can lose their jobs due to policy violations. Educate managers and executives that they have a special responsibility when blogging by virtue of their position. Everyone needs to know that too much time spent on non-business related sites is a bad move. Without guidelines, breaches will occur.
When implementing your solution, ensure that you continue to communicate with your constituents through the “blocked content” screen. Provide as much information as possible as to why the site or content was blocked, links to relevant policies, and steps to take to have the content or site considered for reclassification in the event of error. Give your users the benefit of the doubt when reviewing reports. Don’t forget that the web is now woven and intertwined. Many of the top 10 blocked sites will be there because they are popular or prolific advertisers, appearing on multiple webpages, and redirection will often be to blame for what appear to be malicious activities. Don’t accept the output at face value. Do some research, analyze the records, and be certain that there is a problem before confronting anyone about their surfing habits.
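One way to do that research before approaching anyone, as an added example that is not from the original article: it reads blocked-request records and separates sites a user was actually browsing from hosts that were loaded by, or redirected from, other pages. The log layout, field order, function names and sample lines are constructed for illustration; adapt the parsing to whatever your filtering product exports.

```python
import csv
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample export: time, user, blocked URL, referer, category.
# Real products use their own formats; this layout is an assumption.
SAMPLE_LOG = """\
2024-05-01T09:00:01,alice,http://ads.example.net/banner.js,http://news.example.com/story,Malware
2024-05-01T09:00:04,bob,http://ads.example.net/banner.js,http://weather.example.org/,Malware
2024-05-01T09:02:10,carol,http://ads.example.net/px.gif,http://recipes.example.com/soup,Malware
2024-05-01T09:05:00,bob,http://games.example.io/play,-,Games
2024-05-01T09:06:30,bob,http://games.example.io/level2,http://games.example.io/play,Games
2024-05-01T09:07:00,alice,http://ads.example.net/banner.js,http://news.example.com/sports,Malware
"""


def host(url):
    """Return the lowercase hostname of a URL, or '' for '-' / empty."""
    return (urlsplit(url).hostname or "") if url and url != "-" else ""


def summarize(log_text):
    """Per blocked host: total hits, direct hits, embedded hits, referrers."""
    stats = defaultdict(
        lambda: {"hits": 0, "direct": 0, "embedded": 0, "referrers": set()})
    for _ts, _user, url, referer, _cat in csv.reader(io.StringIO(log_text)):
        blocked, ref = host(url), host(referer)
        s = stats[blocked]
        s["hits"] += 1
        # No referer, or a referer on the same host: the user was on that site.
        # A different referring host: another page loaded or redirected to it.
        if not ref or ref == blocked:
            s["direct"] += 1
        else:
            s["embedded"] += 1
            s["referrers"].add(ref)
    return dict(stats)


def likely_third_party(stats, min_referrers=2):
    """Blocked hosts never visited directly and referred by several sites."""
    return sorted(h for h, s in stats.items()
                  if s["direct"] == 0 and len(s["referrers"]) >= min_referrers)


if __name__ == "__main__":
    print("review as ad/embedded content:",
          likely_third_party(summarize(SAMPLE_LOG)))
```

A missing referer is not proof of deliberate navigation, since referrer policies and HTTPS-to-HTTP transitions strip the header, so treat a "direct" hit as a prompt for closer review of the records.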
Some of the most popular vendors on the market are:
- Trend Micro
Each has specific products and feature sets that will provide pros and cons, depending on your architecture, goals, and requirements. There are also a number of FREE offerings; some are already “in the cloud”, such as OpenDNS. Here is a report from the folks at OpenDNS that may also be insightful. Others are geared toward more technically savvy home users, like K9 from Blue Coat. I highly recommend implementing at least one of these technologies. OpenDNS can be set up instantly with no downloads, and it can protect your entire family. There really is no good reason not to use it.